Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5c924562-bdfd-4cd3-a4c8-0a801b1407a8.roa
File:                     5c924562-bdfd-4cd3-a4c8-0a801b1407a8.roa (raw, json)
Hash identifier:          T83BMY021+FPw/BKEm21RAdvbpiY/N6KY9tni2zmA/0=
Subject key identifier:   34:C6:EA:69:A6:07:95:C4:29:AC:D5:19:D5:9F:56:51:AD:23:DC:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       357B669ACC288F089EE94109B4C088336795AF61
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5c924562-bdfd-4cd3-a4c8-0a801b1407a8.roa
Signing time:             Sun 19 Oct 2025 06:31:27 +0000
ROA not before:           Sun 19 Oct 2025 06:31:27 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7b:66:9a:cc:28:8f:08:9e:e9:41:09:b4:c0:88:33:67:95:af:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 06:31:27 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=bb762506ffbcb27a0acd1af506210bd2f05937ad1933ab739536929cf4a8d01e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6c:e1:fb:4f:a6:f5:ae:c0:a9:de:be:c0:80:
                    ea:d2:7a:af:86:d3:17:37:90:c3:81:d7:b7:e0:a3:
                    b8:4b:8e:a2:6b:7a:40:a1:74:55:23:19:fd:a1:a7:
                    fa:f9:a4:e0:64:26:09:66:a0:02:83:42:1a:d1:02:
                    f1:34:fa:25:1e:e0:64:cc:8d:58:ab:7a:48:94:64:
                    60:7b:96:1b:3e:b2:06:06:84:c2:54:d4:d7:ed:53:
                    7b:8a:9e:32:ad:f4:a7:5c:b7:bb:7a:d1:4b:9a:18:
                    cd:bb:e8:66:c3:91:67:8d:e1:a1:de:7e:fa:2d:d0:
                    ae:56:0e:ec:ed:0a:61:bd:5b:e6:56:c3:eb:de:90:
                    c9:d1:b2:92:4e:1f:a2:81:3f:c7:21:28:bb:24:51:
                    18:6d:d5:15:a4:0d:48:6f:2e:44:4d:58:b6:7b:76:
                    b6:45:b2:81:d2:51:ef:da:5f:ef:17:9b:1e:dc:b2:
                    90:ac:e8:45:54:91:e9:bb:3f:6b:e0:ab:ab:9e:ba:
                    f9:45:01:d7:78:6e:5b:99:44:58:b6:bf:43:9d:9c:
                    5b:3f:3c:11:80:cf:42:93:ca:3e:76:08:a5:49:ab:
                    6c:64:42:14:e0:31:b9:1c:c3:23:30:cf:d0:b1:0c:
                    2b:41:e7:da:21:7e:3a:a8:09:43:f3:78:c5:e6:0a:
                    1f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C6:EA:69:A6:07:95:C4:29:AC:D5:19:D5:9F:56:51:AD:23:DC:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5c924562-bdfd-4cd3-a4c8-0a801b1407a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:9e:82:68:5d:08:43:d1:d0:96:33:c7:b3:b7:7e:6a:64:53:
         7a:ce:26:55:e6:5d:e0:9e:70:e6:2e:c7:08:65:c2:47:a5:8a:
         a5:71:15:c4:35:48:f5:45:39:30:43:74:85:4b:e8:1e:e8:91:
         1d:6b:4d:44:8e:86:c1:6e:5e:16:cd:90:5e:7a:61:82:5a:d0:
         ab:dc:78:38:db:27:d8:0e:e3:8a:5c:12:74:98:41:43:e0:18:
         45:90:0b:fb:3c:af:09:fe:39:34:ca:de:ee:4b:ea:33:ac:e9:
         a5:f1:a5:97:1b:f2:4f:af:10:6d:75:60:a6:28:2e:a2:28:6f:
         bf:74:35:5e:f3:fd:a4:56:13:23:55:bf:3a:e5:27:15:d1:c7:
         e8:9f:5e:87:c0:40:7f:04:9f:f7:0f:4e:9e:0d:be:a6:50:cd:
         27:9f:9a:5d:6e:25:16:76:b9:92:79:c6:db:ca:f5:10:a1:17:
         39:89:25:ca:11:98:77:8f:d1:f1:b9:8b:84:b3:33:27:44:2e:
         0a:55:fc:14:7c:84:55:db:e0:15:ec:53:3a:a8:89:f0:54:21:
         50:f6:11:6e:50:74:ec:d2:20:10:fb:ea:d3:25:c4:0d:84:0a:
         1d:45:d3:cf:f5:17:3d:d9:a0:cd:c5:fb:a5:05:ba:99:4c:2b:
         75:62:07:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNXtmmswojwie6UEJtMCIM2eVr2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDYzMTI3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjc2MjUwNmZmYmNiMjdhMGFjZDFhZjUwNjIxMGJkMmYw
NTkzN2FkMTkzM2FiNzM5NTM2OTI5Y2Y0YThkMDFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHbOH7T6b1rsCp3r7AgOrSeq+G0xc3kMOB17fgo7hLjqJr
ekChdFUjGf2hp/r5pOBkJglmoAKDQhrRAvE0+iUe4GTMjVirekiUZGB7lhs+sgYG
hMJU1NftU3uKnjKt9Kdct7t60UuaGM276GbDkWeN4aHefvot0K5WDuztCmG9W+ZW
w+vekMnRspJOH6KBP8chKLskURht1RWkDUhvLkRNWLZ7drZFsoHSUe/aX+8Xmx7c
spCs6EVUkem7P2vgq6ueuvlFAdd4bluZRFi2v0OdnFs/PBGAz0KTyj52CKVJq2xk
QhTgMbkcwyMwz9CxDCtB59ohfjqoCUPzeMXmCh9dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNMbqaaYHlcQprNUZ1Z9WUa0j3KIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVjOTI0NTYyLWJkZmQtNGNkMy1hNGM4LTBhODAxYjE0MDdhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0VfIwDQYJKoZIhvcNAQELBQADggEBABGegmhdCEPR0JYzx7O3fmpkU3rO
JlXmXeCecOYuxwhlwkeliqVxFcQ1SPVFOTBDdIVL6B7okR1rTUSOhsFuXhbNkF56
YYJa0KvceDjbJ9gO44pcEnSYQUPgGEWQC/s8rwn+OTTK3u5L6jOs6aXxpZcb8k+v
EG11YKYoLqIob790NV7z/aRWEyNVvzrlJxXRx+ifXofAQH8En/cPTp4NvqZQzSef
ml1uJRZ2uZJ5xtvK9RChFzmJJcoRmHeP0fG5i4SzMydELgpV/BR8hFXb4BXsUzqo
ifBUIVD2EW5QdOzSIBD76tMlxA2ECh1F08/1Fz3ZoM3F+6UFuplMK3ViB7M=
-----END CERTIFICATE-----